LingBo Tang wrote: > Hi all, > > The attached file is the summary of investigation on TX with > virtual console project. Your feedback are appreciated. This looks like a good summary to me.
A few concerns I have are: Whether the system will remain properly usable without the hotkeys and will not leave open hidden sessions. I.e. when starting X it must move automatically to the new VT (if X is started on a new VT) and must kill any existing commandline login and must also transition back correctly. While it is necessary for TX systems to have hotkeys off by default, we do allow administrators to intentionally enable solaris features that would not pass evaluation. My preference would be to first use a (SMF?) property if the administrator has explicitely set it but otherwise determine the default of whether hot keys are enabled by libc::is_system_labeled(). From the perspective of solaris secure by default, I do not think it is acceptable if hotkeys are session remappable either. I think you need the keys to be administrator configurable and then need to deliver key events first to the VT management and if they do not match a VT hot key, on to the active VT session. Multiple X servers and a gui switch event is an interesting problem. It will be necessary to disable the possibility of any single label X sessions or one can visually emulate the switcher with trusted path. I don't think that is a concern right now, but should be a noted requirement if a secure X switcher is mentioned. Thanks, -Will > > Regards, > Lingbo